Develop new features
The latest versions of the Wazuh plugin can be developed through a development environment based on Docker containers.
First of all, you need a working environment composed of at least the following components:
- 1 x Wazuh manager
- 1 x Wazuh API
- 1 x Filebeat
- 1 x Elasticsearch
Once you have the whole environment working, you will also need the following tools:
- nvm
- git
Clone the repository in one of two ways:
- Clone the entire repository:
git clone https://github.com/elastic/kibana
- Clone a single branch of the repository:
git clone --single-branch --depth 1 -b v<KIBANA_VERSION> https://github.com/elastic/kibana
where <KIBANA_VERSION> is the version you want to install.
The above commands will create a folder called kibana in the current directory.
If you cloned the entire repository, you can move to the branch you want with:
git checkout <branch/tag>
where <branch/tag> is the branch or tag you want to move to. You can check the branches and tags available in the Kibana repository.
Depending on the version of Kibana in use, replace --git-common-dir with --git-dir:
- For Kibana < v7.9.0:
sed -i -e 's/-git-common-dir/-git-dir/' src/dev/register_git_hook/register_git_hook.js
- For Kibana > v7.9.x:
sed -i -e 's/-git-common-dir/-git-dir/' packages/kbn-dev-utils/src/precommit_hook/get_git_dir.ts
The wazuh-registry.json file, where the app stores some data about the configured hosts, is located within the app files inside Kibana. In development mode, any change in the app files causes Kibana to restart, so the wazuh-registry.json located in the plugins/wazuh directory must be ignored.
To do this, edit src/cli/cluster/cluster_manager.ts and look for:
const pluginInternalDirsIgnore = scanDirs
  .map(scanDir => resolve(scanDir, '*'))
  .concat(pluginPaths)
  .reduce(
    (acc, path) =>
      acc.concat(
        resolve(path, 'test'),
        resolve(path, 'build'),
        resolve(path, 'target'),
        resolve(path, 'scripts'),
        resolve(path, 'docs'),
Add the following line at the end of that list:
resolve('<KIBANA_DEV_PATH>/plugins/wazuh/server/wazuh-registry.json')
Replace <KIBANA_DEV_PATH> with the directory where the development Kibana folder is located.
You need to install the version of NodeJS required by Kibana. To find out which one, look at:
- package.json
- .nvmrc
To change the version of NodeJS, you can use one of the following methods:
- Using nvm:
  - Install nvm:
    curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.37.2/install.sh | bash
  - Restart or open a new terminal session so that the nvm command is available.
  - Install the NodeJS version:
    nvm install <NODEJS_VERSION>
    where <NODEJS_VERSION> is the version of NodeJS you want to install.
    Example:
    nvm install 10.22.1
- Using n:
  - Install the n package globally:
    sudo npm i -g n
  - Install the NodeJS version:
    n <NODEJS_VERSION>
    where <NODEJS_VERSION> is the version of NodeJS you want to install.
    Example:
    n 10.22.1
Install globally the version of yarn specified in package.json:
sudo npm i -g yarn@<YARN_VERSION>
where <YARN_VERSION> is the version to install.
Example:
sudo npm i -g yarn@1.21.1
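As an added example (not part of the Wazuh documentation or the Kibana code base), the JavaScript below reads the NodeJS and yarn versions from .nvmrc and package.json and reports mismatches with the installed tools. It assumes package.json declares them under an engines field; requiredVersions, checkInstalled and readCheckout are hypothetical names, and the sample inputs are constructed.

```javascript
// Added example: work out which NodeJS and yarn versions a Kibana checkout
// pins, then compare them with what is installed.

// Constructed sample inputs (assumption: package.json has an "engines" field).
const SAMPLE_NVMRC = 'v10.22.1\n';
const SAMPLE_PACKAGE_JSON = JSON.stringify({
  name: 'kibana',
  engines: { node: '10.22.1', yarn: '^1.21.1' },
});

// Strips whitespace and a leading "v" or range prefix ("^1.21.1" -> "1.21.1"),
// i.e. a range is reduced to its base version, the one this page installs.
const clean = (v) => String(v || '').trim().replace(/^[v^~=]+/, '');

// Returns { node, yarn, conflicts } from the text of .nvmrc and package.json.
function requiredVersions(nvmrcText, packageJsonText) {
  const engines = JSON.parse(packageJsonText).engines || {};
  const fromNvmrc = clean(nvmrcText);
  const fromEngines = clean(engines.node);
  const conflicts = [];
  if (fromNvmrc && fromEngines && fromNvmrc !== fromEngines) {
    conflicts.push(`.nvmrc (${fromNvmrc}) != engines.node (${fromEngines})`);
  }
  return { node: fromNvmrc || fromEngines, yarn: clean(engines.yarn), conflicts };
}

// Lists every mismatch between the required and the installed versions.
function checkInstalled(required, installed) {
  const problems = [...required.conflicts];
  for (const tool of ['node', 'yarn']) {
    const found = clean(installed[tool]);
    if (required[tool] && found !== required[tool]) {
      problems.push(`${tool}: need ${required[tool]}, found ${found || 'none'}`);
    }
  }
  return problems;
}

// Hypothetical helper: reads both files from a real checkout directory.
function readCheckout(kibanaDir) {
  const fs = require('fs');
  const path = require('path');
  const read = (file) => fs.readFileSync(path.join(kibanaDir, file), 'utf8');
  return requiredVersions(read('.nvmrc'), read('package.json'));
}

const required = requiredVersions(SAMPLE_NVMRC, SAMPLE_PACKAGE_JSON);
console.log(checkInstalled(required, { node: process.version, yarn: '1.21.1' }));
```

On a real checkout, call readCheckout('<KIBANA_DEV_PATH>') and pass the result to checkInstalled together with the output of node --version and yarn --version.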
At the root of the development Kibana, run:
yarn kbn bootstrap
Clone the wazuh-kibana-app repository as a submodule:
git submodule add -f https://github.com/wazuh/wazuh-kibana-app plugins/wazuh
Go to the cloned directory, and move to the app branch with:
git checkout <BRANCH/TAG>
If you want to keep the source code of the app outside the Kibana directory, for example when Kibana runs in a VM (virtual machine), you can synchronize the source code of the app with the app files within the directory tree of the development Kibana. It needs to be synchronized with the plugins/wazuh directory. For this you can use rsync or text editor plugins like sftp. This is useful if you want to keep the development Kibana and your source code in separate places.
git clone https://github.com/wazuh/wazuh-kibana-app -b <BRANCH>
cd wazuh-kibana-app
# Make some changes
rsync -avh ./ user@kibana_ip:/kibana-path/plugins/wazuh --exclude=.git --exclude=node_modules --delete
If you are using private SSH keys, add this to your rsync command:
-e "ssh -i /path/private_key"
If you installed the Kibana dependencies before including the Wazuh plugin code, you can install the plugin dependencies by changing the NodeJS version to the version specified in the node_build field of the package.json. Then install the dependencies of the app with the following command from the root of the Wazuh plugin:
yarn
- Increase the limit of inotify file watches:
echo fs.inotify.max_user_watches = 524288 | sudo tee -a /etc/sysctl.conf && sudo sysctl -p
- Set the NodeJS version to the one Kibana requires using nvm or n.
Order of preference for settings when starting the development Kibana:
- CLI
- kibana.dev.yml configuration file
- kibana.yml configuration file
- CLI: settings can be added to the Kibana startup command in the form:
--SETTING.NAME="VALUE"
- Creating kibana.dev.yml and kibana.yml:
Create a file in <KIBANA_DEV_PATH>/config/kibana.dev.yml and specify the Kibana configuration settings.
If you are using a basic Elasticsearch environment without security, you can use the following command to start Kibana dev:
yarn start --oss --no-base-path --server.host="0.0.0.0" --elasticsearch.hosts="[http/s]://<ELASTICSEARCH_HOST>:9200"
where:
- [http/s] is the protocol over which Elasticsearch is served, http or https.
- <ELASTICSEARCH_HOST> is the Elasticsearch host address.
- --oss is for Elasticsearch without security or with Open Distro for Elasticsearch. If you use X-Pack, remove this flag from the command.
You can add the development configuration in the file <KIBANA_DEV_PATH>/config/kibana.yml or <KIBANA_DEV_PATH>/config/kibana.dev.yml in the Kibana development directory. The second takes precedence.
Now that Kibana is properly configured, start it without the Wazuh app:
yarn start --no-base-path --server.host="0.0.0.0" --elasticsearch.url="http://elastic" --no-watch
Press ctrl + c to exit.
The client-side changes should be reflected without any reload from Kibana (press ctrl + F5 in your browser). The server-side changes will trigger a server reload, so they can take a bit longer to be reflected.